Carbanak Banking Malware Resurfaces with New Ransomware Tactics

By neub9

Dec 26, 2023 | Newsroom | Malware / Cybercrime

The Carbanak banking malware has adapted to include new tactics in its ransomware attacks, NCC Group said, following an analysis of incidents in November 2023.

During the attacks last month, Carbanak was distributed through compromised websites, impersonating various business-related software, including HubSpot, Veeam, and Xero.

Carbanak is well-known for its data exfiltration and remote control features, and it has been utilized by the FIN7 cybercrime syndicate since at least 2014.



NCC Group’s latest report detailed the compromised websites used to host malicious installer files, masquerading as legitimate utilities to deploy Carbanak.

The surge in ransomware attacks in November saw a total of 442 incidents reported, up from 341 in October 2023, with the company’s data indicating that the industrials, consumer cyclicals, and healthcare sectors were among the top targets.

Notably, LockBit, BlackCat, and Play ransomware families contributed to 47% of the attacks, with BlackCat dismantled by authorities this month.

While the spike in ransomware attacks is a result of the law enforcement takedown of QBot infrastructure, news of low-volume phishing campaigns distributing the malware underscores the challenges in fully dismantling these groups.

Kaspersky also revealed that Akira ransomware's security measures prevent its communication site from being analyzed: the site raises exceptions when someone attempts to access it using a debugger in the web browser.

Additionally, ransomware operators are exploiting different security flaws in the Windows Common Log File System (CLFS) driver for privilege escalation.
